1. Technical Field
This invention generally relates to authentication in computer systems, and more specifically relates to authentication of a user accessing a virtual machine using the physical location of the virtual machine as a criterion for the authentication.
2. Background Art
Cloud computing is a common expression for distributed computing over a network and can also be used with reference to network-based services such as Infrastructure as a Service (IaaS). IaaS is a cloud-based service that provides physical processing resources to run virtual machines (VMs) as guests for different customers. The virtual machine may host a user application or a server. Cloud computing and IaaS create a potential opportunity for intruders to access customer data on the virtual machines. Current methods of authenticating to a VM leave opportunities for non-authorized entities to gain access or to obtain knowledge of details about the perceived secure connections into that cloud environment. Other security methods for distributed cloud environments require a centralized management system that manages all incoming requests and assigns them accordingly based on authentication. This can compromise the cloud environment if intruders gain access to the central management system.
When a system is deployed to a virtual machine (logical partition), the user typically does not know the physical location of the hardware running the system. If a malicious user gains access to the virtual machine, they could move the virtual machine to a different location to run on their hardware. Because cloud computing provides a level of abstraction that typically hides the location of the physical hardware, a virtual machine could be moved without the end user's knowledge. Some users, especially government entities, require provisioning a logical partition to a specified physical location. However, when the virtual machine is created and running at the specified physical location, the virtual machine could be moved without the user's knowledge.